[pve-devel] hosts.fw and security groups
Alexandre DERUMIER
aderumier at odiso.com
Wed Feb 19 18:28:32 CET 2014
>>INotify does not work with the cluster file system (/etc/pve).
ok, I didn't known.
>>But we can implement some kind of polling (inside pvestatd).
Yes. (do we need to compute all chains ? or only group chains and update them if checksum change ?)
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Mercredi 19 Février 2014 17:51:29
Objet: RE: hosts.fw and security groups
> >>Though a bit more about that, and realized that groups.fw is shared
> among all cluster nodes.
> >>
> >>That basically means that the host firewall (node local) is not
> >>updated automatically if the user updates groups.fw (only works for one
> node).
> >>
> >>So this produces unexpected behavior. What do you think about that?
>
> same for tap interface I think.
Oh, you are right :-(
> Maybe using inotify to update firewall rules on groups.fw file update ?
INotify does not work with the cluster file system (/etc/pve).
But we can implement some kind of polling (inside pvestatd).
More information about the pve-devel
mailing list